[PATCH 0/2] arm64: Implement WXN using MDWE hook

From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Joey Gouly <joey.gouly@arm.com>,
	 Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>, Marc Zyngier <maz@kernel.org>,
	 Mark Rutland <mark.rutland@arm.com>,
	Ryan Roberts <ryan.roberts@arm.com>,
	 Anshuman Khandual <anshuman.khandual@arm.com>,
	Kees Cook <keescook@chromium.org>
Subject: [PATCH 0/2] arm64: Implement WXN using MDWE hook
Date: Thu, 14 Mar 2024 10:48:05 +0100	[thread overview]
Message-ID: <20240314094804.3094098-4-ardb+git@google.com> (raw)

From: Ard Biesheuvel <ardb@kernel.org>

While the patches to implement WXN support were under review, the kernel
grew another hook in the mmap()/mprotect() code that is more suitable
for introducing a check against an arch-defined policy whether mappings
that are both writable and executable are permitted at all.

So add this hook, and wire up WXN support on top of it.

This supersedes

cb1a393c40ee mm: add arch hook to validate mmap() prot flag
50e3ed0f93f4 arm64: mm: add support for WXN memory translation attribute

which have been reverted in the arm64/for-next core tree.

Catalin raised the question how this is supposed to interoperate with
Permission Indirection and Permission Overlays, and -while those new CPU
features are entirely undocumented as of yet- the conclusion seems to be
that WXN is only useful on cores that lack those new features, as they
are mutually exclusive with WXN, and disabling them just in favor of WXN
seems unwise. Given that WXN is too coarse grained to honour the
existing user space ABI seamlessly, PIE/POE seem better suited to harden
the use of RW vs RX mappings in user space (but WXN would seem more
appropriate for the kernel if it were limited to EL1 only).

However, Linux/arm64 is deployed widely on systems running vertically
integrated software stacks, where the ability to harden both the kernel
and user space in this manner is believed to be a useful feature.

Link: https://lore.kernel.org/all/ZfHG0oeDcF8N0ZOX@arm.com/T/#u

Cc: Joey Gouly <joey.gouly@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Kees Cook <keescook@chromium.org>

Ard Biesheuvel (2):
  mm: Add arch hook to map_deny_write_exec()
  arm64: mm: add support for WXN memory translation attribute

 arch/arm64/Kconfig                    | 11 +++++++
 arch/arm64/include/asm/cpufeature.h   |  8 +++++
 arch/arm64/include/asm/mman.h         | 16 ++++++++++
 arch/arm64/include/asm/mmu_context.h  | 30 +++++++++++++++++-
 arch/arm64/kernel/pi/idreg-override.c |  4 ++-
 arch/arm64/kernel/pi/map_kernel.c     | 23 ++++++++++++++
 arch/arm64/mm/proc.S                  |  6 ++++
 include/linux/mman.h                  | 32 ++++++++++++++------
 8 files changed, 119 insertions(+), 11 deletions(-)

-- 
2.44.0.278.ge034bb2e1d-goog

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel